How Secure Are You Online? The Checklist

Think you do enough to secure your passwords, browsing and networking? Prove it. Not all computer security is about tinfoil hats and anonymous browsing. Everyone who uses a computer has a horse in the security race.

For the purpose of this post, we're breaking down online security into four essential parts: passwords, browsers, at-home Wi-Fi and networking, and browsing on public Wi-Fi. Within those categories we'll give you a checklist of everything you should do, from the bare minimum to the tinfoil-hat best.

Think you've done your due diligence with your security? Jump to any of the four sections below to see how you stack up (and boost your security where you may be lacking):

Password Security Checklist

Password security has been popping up a lot in the news recently, but how much you should care is entirely dependent on what you do online.

The Bare Minimum of Password Security

Just because you don't use a lot of online services doesn't mean you can neglect basic password security. Sure, you don't need to take any complicated measures, but everyone should at least do a couple things.

Use unique passwords for every site:Don't ever reuse the same email and password combo on multiple services. It might seem like it doesn't matter, but if a hacker gets your account information on one site, that means they can use that login information on every other site you're registered at. Keep all your passwords different.

Use Should I Change My Password? to track security breaches: If you don't keep up with tech news you probably don't see most minor security breaches. To help out, the webapp Should I Change My Password? notifies you when a major service is hacked.

That's the minimum you should do if you want to play it safe and secure with your passwords. But you can do better than that. Let's step up your game.

Level Up: You're a Password Pro

If you're work a lot online, then you need more complicated security measures. With that in mind, you should perform the steps mentioned above and these as well:

Use two-factor authentication whenever possible: Two-factor authentication is a simple way to lock your computer to an account so you have to verify your identity when you log onto a different computer. Not all services have it, but Google, LastPass, Facebook, Dropbox and more all do. Use it.

Use a password manager: We get it: you have a lot of passwords and you don't want to remember them all. Instead of reusing the same junky password, a password manager is a simple way to save them all securely. We like LastPass, but KeePass and 1Password are equally solid solutions.

Shut down and unlink services you don't use: If you're the type to try out a lot of different web apps or mobile apps, then you probably have passwords scattered everywhere. When you decide you don't want to use a service anymore, remember to delete your account. This way, if the service is hacked, you don't have to fumble around trying to remember your login information. For added protection, make sure you clean up your app permissions on Facebook and Twitter.

If you're doing all of the above, your passwords are about as safe as they can get. Nice work and stay vigilant!

Browser Security Checklist

With all your passwords sorted, it's time to ensure your browsing is both secure and private. Of course, many people don't care about privacy, but security — even after your passwords are in order — is still important.

The Bare Minimum of Browser Security

Password security is just part of the battle. You also want to make sure your browser is secure. This is what everyone should be doing:

HTTPS Everywhere: You likely know by now that you should never hand over personal info unless you're doing so over a secure connection (HTTPS in the browser URL). The HTTPS Everywhere browser extension highlights secure sites, and ensures you're always on HTTPS whenever it's available (including on social networks, shopping sites and more).

Log out of your accounts: If you're sharing a computer in a house full of people, or you do most of your browsing on a public computer, always remember to log out of any account you use. It's a simple, obvious step, but it's worth repeating to yourself until you remember. When you don't log out of an account, you're giving people authorisation to snoop.

The basics of browser security are enough for most people, but if you want to keep advertisers and The Man off your back, you need to take a few more measures.

Level Up: Keep Everyone from Tracking You

We know that pretty much everyone is tracking your every move on the web. The data collected from your browsing is used for ads, targeted coupons and plenty more. Let's put a stop to that.

Adblock Plus: Adblock Plus isn't just an ad blocking extension, it also helps keep the likes of Twitter, Facebook and Google+ from transmitting data about you.

Ghostery: Ghostery is an extension that's all about eliminating tracking cookies and plugins used by ad networks. With Ghostery installed, no advertiser can snoop on what you're doing online.

Do Not Track Plus: Do Not Track is an extension that eliminates sites with Facebook and Google+ buttons from tracking you. By default, a data exchange happens when you visit a site with one of these buttons, even if you don't click on them. Do Not Track stops that from happening.

These extensions and measures can ensure you have a private and secure browsing experience. But if you really want to keep your browsing away from prying eyes, you have to go anonymous.

Next Level: Go Anonymous

Completely anonymous browsing isn't for everyone, nor is it for every situation. However, it can come in handy when you're torrenting, when you don't want to give away your location, and if you just plain don't like somebody watching over your shoulder. Here's what you'll need.

Tor Browser: Tor is the easiest to use anonymous browser. When you use Tor for browsing, you don't get plugins, your traffic is automatically encrypted, and your browsing is always anonymous.

Use VPN services to secure everything you do: VPN services are a great way to create secure connections across the internet. Using a VPN means you're encrypting all the data transferred online. We like Hamachi because it's incredibly easy to use, but any of these five will do the trick.

Use BTGuard for anonymous torrenting: Peer-to-peer file-sharing is great, but since it's often used for piracy, you might want to keep your downloads private. BTGuard does just that through a proxy server (which helps keep you anonymous).

Home Network Security Checklist

Once your internet data is secure, it's time to secure your data on your home computer. This means backing everything up and keeping your network safe from prying eyes.

The Bare Minimum of Network Security

If you don't use your computer for much more than browsing the web, creating a couple documents and storing family photos, then you don't need to do much to keep everything safe.

Keep your software up to date: Software updates aren't just about adding new features, they're often about patching security holes. Thankfully, the update process is very simple. On Windows, click the Start Menu > All Programs > Windows Update. On Mac, click the Apple menu, and choose Software Update. Both update programs run periodically on their own, but it's always good to check for a new update if you hear about a security issue.

Backup your photos and documents: Perhaps you're not all that worried about what would happen if your $200 computer dies because you don't do that much with it. Still, chances are you have a resume or some holiday photos on the hard drive. Backing up those few important files is easy. Cloud storage such as Dropbox, Box and Skydrive take very little time to set up. Once you do, your few important documents will be saved online.

Prevent downloaded software from installing automatically: Malware often comes in the form of a download you don't notice happening, but it's easy to stop. On Windows, disabling AutoRun can stop around 50 per cent of malware threats, and all you need is the free software Disable Autorun. On Mac, downloads shouldn't run automatically, but if you're using OS X Mountain Lion, you can set up GateKeeper (System Preferences > Security & Privacy > General) to only allow applications from the Mac App Store for added security.

These are just the basics. If your computer is your livelihood, you need to do a few more things to keep your data secure.

Level Up: You're a Network Security Pro

Whether you work from home, or you're simply on a work computer all day long, keeping your data secure and safe is important. On top of everything above, you also want to add a few more security measures.

Set folder specific permissions: If you're sharing your computer with a household of people, but need to ensure your work documents are safe, then setting up permissions is the easiest way to do it. In Windows, right-click the folder, go to Properties and open the Security settings. Then click the edit setting and select your user name to lock the folder to you. On Mac, right-click a folder, click Get Info, and change the settings under Sharing & Permissions. For extra security, you can easily set up encryption with Truecrypt.

Know how someone would break into your computer (and keep it from happening to you): . Once you know how someone could get into your system, it's relatively easy to prevent. On Windows, you can usually get away with a long password, and on Mac you can set up FireVault to secure your data (System Preferences > Security).

The above is more than enough for most people on their home network, but what about when you need to leave the house?

Public Wi-Fi Security Checklist

Using public Wi-Fi exposes everything you do online (and your computer itself) to anyone else on the network. We've shown you how people sniff out your passwords on public Wi-Fi networks before, and it's suprisingly simple. Let's stop that from happening to you.

Bare Minimum of Public Wi-Fi Security

Let's say you occasionally check email on public Wi-Fi when your internet is down or you're on holidays. You're always tempting fate when you don't completely lock down your computer, but here's the minimum amount of effort you should always do.

Always use HTTPS: We mentioned HTTPS Everywhere above, but it's worth repeating here. If you're checking your email, or doing anything else with a password on a public network, always use HTTPS.

Turn off sharing: When you're at home you might share your files with other people on your network. That's great, but you don't want that on public Wi-Fi. Disable it before you even connect. In Windows, open Control Panel, then head to Network and Internet > Network and Sharing Center. Then click Choose Homegroup and Sharing Options > Change Advanced Settings. Turn off file sharing, print sharing, network discovery, and the public folder. On Mac, open System Preferences > Sharing, and make sure all the boxes are unchecked.

Don't connect to Wi-Fi unless you need it: This might seem like common sense, but if you're not actually using the internet connection, turn it off. In Windows, right-click the wireless icon in the taskbar and turn it off. On a Mac, click the Wi-Fi button in the menu bar, and turn off Wi-Fi.

Doing these three things will keep most of your data secure when you're just popping in to quickly check your email. If you're using free Wi-Fi in a dorm or apartment building, you need a stronger solution.

Level Up: You're a Public Wi-Fi Pro

If you're on public Wi-Fi a lot, it's best to really lock down and encrypt your data. In addition to the steps above (particularly turning off file sharing and HTTPS), you can lock out anyone pretty easily.

Encrypt everything with Hamachi and Privoxy: The easiest way to cut off outsiders from peeking into your private data when you're on a public network is with the free VPN Hamachi, and the web proxy Privoxy. Setup isn't much more complicated than a few clicks, and the end result is secure connections for all your browsing.

Encypt it further with an SSH SOCKS proxy: If you don't want to use a VPN, another option is to roll your own SSH SOCKS proxy. This encrypts all your web browsing and redirects it through a trusted computer.

That's all you really need to do when you're on public Wi-Fi to keep your browsing encrypted and safe. However, you can take it another step and go completely anonymous.

Next Level: Grab Your Tin Foil Hat, We're Going Untraceable

Perhaps you really don't want anyone tracking what you're doing on a public Wi-Fi network or worse, public computer. This sounds nefarious, but it's handy for things like checking your bank account on a public computer.

The simplest way to go completely anonymous is with a custom build of Linux called Tails installed on a USB or CD. We've walked you through the setup process before and it's very easy. With Tails you get a custom operating system with built-in anonymous browsing, encryption for email and chat, file encryption and lots of software. You can load Tails up on your own computer or a public one. With Tails, you not only browse without leaving a trace, you also secure everything you do.

Security is important to everyone who uses a computer. The precautions you decide to make are your own choice, but always keep in mind that you security online is just as important (if not more) than the security in your own home.

I use a different complex password on all the important sites - banking, gambling, email, Facebook, Twitter, Evernote, Dropbox, Ebay, Paypal, and ticket sites,. But on all the others - forums,shopping, news, etc. I use the same password

"Change your router’s security settings: If you’re still running your router’s default settings, then pretty much anyone can get into your home network and peek in on your computers"
wait what? all home routers I've seen lately come with a unique wpa-secured network pass and remote administration blocked by default.

For most web services, even moderate-strength passwords are fine. It's insanely difficult to brute force a webservice without actually compromising the servers first. Use anthonys technique: Unique passwords for everything you actually care about, and generic throwaway passwords for the rest.

It's also worth noting that most sites will not actually remove your information when you delete your account, you just get marked as 'inactive' in a database.So while nobody can actually log in, you're still vulnerable if their site is compromised.
It's worth changing your pass before you disable the account, though that only works if they dont log previous passwords.

Nice article, I liked the way you broke it down. I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won't get hacked and your personal information isn't up for grabs. I'm hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.

Only logged in users may vote for comments!

Get Permalink

Trending Stories Right Now

The Australian Competition and Consumer Commission recently released its fifth report on real-world NBN speed, and the results weren’t too shabby. Download speeds generally increased when compared to the previous quarter, including during peak usage hours of 7pm - 11pm.

Netflix is making it rain original content this weekend, with ten new TV shows and movies to wrap your peepers around. (Count 'em!) There are also a handful of licensed films that are definitely worth getting the popcorn out for. Here's the full list.